➤ For readers who may have missed the story, can you explain the situation briefly?
Mikael: A 23-year-old security researcher and hacker from Switzerland named maia arson crimew informed me that they had located an unsecured server online. The server, run by a regional airline, contained not only personal details on employees but a 2019 copy of the No Fly List, a secretive database of suspected and accused terrorists who have been barred from flying into or out of the U.S.
➤ Tell us a little bit about the reporting process. How did the story come about?
Mikael: When dealing with something as sensitive as the No Fly List, it is imperative to do your due diligence. The technical aspects of the story were fairly straightforward, such as detailing how the server was found and what all it contained.
The more laborious parts of the reporting process involved talking with lawyers as well as questioning the airline, the FBI, the TSA, and other agencies and organizations to both confirm the legitimacy of the data and learn as much as we could. My editor David Covucci did a lot of that heavy lifting thankfully, which allowed me to focus on analyzing the data as I spoke with the security researcher.
➤ What's the magnitude of this? Was it shocking to you that something as important as the No Fly List was able to be found by a hacker?
Mikael: The No Fly List contained over 1.5 million rows of data, which included names, aliases, and birthdates for people from across the globe. Both the security researcher and I were shocked that such a document would be left on an unsecured development server. A Republican lawmaker has already vowed to launch a congressional investigation into why the list was left unprotected online.
➤ What are some of your biggest takeaways from this? Does this kind of lax security highlight just how important it is to keep data secure?
Mikael: The security researcher noted that she hadn't even set out to find anything related to the No Fly List or airlines in general and merely stumbled across the list while searching for exposed servers out of boredom. Luckily for the airline involved, maia revealed the issue to the Daily Dot so that it could be fixed and responsibly reported.
Unfortunately, the safety of your personal data is at the whim of every company or government entity that's storing it. Although I would hope and assume that our readers aren't on the No Fly List.
➤ Anything else you want to share with web_crawlr readers?
Mikael: Thanks for reading! You can expect more big tech scoops involving hacks, leaks, and data breaches from the Daily Dot in 2023.